- Allow xserver to use netlink_kobject_uevent_socket

2009-09-07 01:29:07 +00:00 · 2009-09-07 01:29:07 +00:00 · 72bc25da0e
commit 72bc25da0e
parent 35651d45d8
3 changed files with 59 additions and 53 deletions
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@ -8,7 +8,7 @@ allow_execmod = false

 # Allow making the stack executable via mprotect.Also requires allow_execmem.
 # 
-allow_execstack = true
+allow_execstack = false

 # Allow ftpd to read cifs directories.
 # 
--- a/policy-F12.patch
+++ b/policy-F12.patch
@ -16568,7 +16568,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.30/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/setroubleshoot.te	2009-09-06 15:49:01.000000000 -0400
+++ serefpolicy-3.6.30/policy/modules/services/setroubleshoot.te	2009-09-06 21:25:04.000000000 -0400
@@ -22,13 +22,19 @@
 type setroubleshoot_var_run_t;
 files_pid_file(setroubleshoot_var_run_t)
@ -16695,10 +16695,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	userdom_dontaudit_search_admin_dir(setroubleshoot_fixit_t)
 +
 +	optional_policy(`
-+	rpm_signull(setroubleshootd_fixit_t)
-+	rpm_read_db(setroubleshootd_fixit_t)
-+	rpm_dontaudit_manage_db(setroubleshootd_fixit_t)
-+	rpm_use_script_fds(setroubleshootd_fixit_t)
+		rpm_signull(setroubleshoot_fixit_t)
+	rpm_read_db(setroubleshoot_fixit_t)
+	rpm_dontaudit_manage_db(setroubleshoot_fixit_t)
+	rpm_use_script_fds(setroubleshoot_fixit_t)
 +')
 +
 +optional_policy(`
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.30
-Release: 2%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -165,7 +165,7 @@ if [ -s /etc/selinux/config ]; then \
 	. %{_sysconfdir}/selinux/config; \
 	FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
 	if [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT} ]; then \
-		cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \
+	   [ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \
 	fi \
 fi

@ -443,6 +443,12 @@ exit 0
 %endif

 %changelog
+* Fri Sep 4 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-4
+- Allow xserver to use  netlink_kobject_uevent_socket
+
+* Thu Sep 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-3
+- Fixes for sandbox 
+
 * Mon Aug 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-2
 - Dontaudit setroubleshootfix looking at /root directory